﻿<!--#include file="const.inc"-->
<%
'====================================================================
' 感谢使用晴天3G智能建站系统..
' 作者:梁永强.QQ:766750857
' 官方网址:wap.qt3g.com
' 声明:软件版权归作者所有,没有经过作者本人同意不得非法破解和传播本程序
'====================================================================
%>
<%

' Tell the client and intermediate caches not to cache this response.
Response.Expires = -1
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Cache-Control", "no-cache, must-revalidate"

' Script timeout is raised to 3600 seconds.
Server.ScriptTimeOut = 3600
' v is not assigned in this file (presumably set by const.inc -- confirm).
' "0" emits a WML <card>; "1" emits HTML and fills the wrapper strings
' (we/sou/dao/we0, zi/zi0) that the rest of the page prints around messages.
select case v
case "0"
we0="<br/>"
%>

<card id="login" title="上传文件"><p align="<%=qingtian.px%>">
<%
case "1"
hr="<hr>"
zi="<span style=""color:#FF5500"">"
zi0="</span>"
we="<div class=""footer"">"
sou="<div class=""block4"">"
dao="<div class=""navi"">"
we0="</div>"
%>
<title>上传文件</title>
</head>
<body>
<!--#include virtual="/css.inc"-->
<%

End Select

' Query-string parameters: listid (board), reid (topic being replied to, 0 = new topic), pageid (list page).
dim listid,id,pageid,reid,upid,rs

		' Anything that fails IsNumeric falls back to the default. IsNumeric("") is already False,
		' so the second test on each parameter never changes the result.
		' NOTE(review): the values stay strings that merely pass IsNumeric (which also accepts
		' non-integer forms such as decimals); they are later concatenated into SQL and HTML
		' without CLng -- consider converting to a Long here.
		listid=Request.QueryString("listid")
		if not isnumeric(listid) then listid=0
		if listid="" then listid=0


		reid=Request.QueryString("reid")
		if not isnumeric(reid) then reid=0
		if reid="" then reid=0

		pageid=Request.QueryString("pageid")
		if not isnumeric(pageid) then pageid=1
		if pageid="" then pageid=1


' A missing or zero board id ends the request with an "invalid parameter" message.
if  listid=0 then
	%><%=we%><%=qingtian.utf8("请不要非法传递参数")%><br/><a href="index.asp"><%=qingtian.utf8("论坛首页")%></a><br/><%
	response.end
end if

' Access gates for the upload. sid and sidd are not assigned in this file (presumably const.inc -- confirm).
' Gate 1: sid equal to the string "Null" means "not logged in"; only a login link is shown.
if sid="Null" then
	%><%=we%><%=qingtian.utf8("你还没登陆,请先登陆。")%><%=we0%><%=sou%>
	<a href="/login.asp?sid=<%=sidd%>&amp;url=/bbs/board.asp?listid=<%=listid%>"><%=qingtian.utf8("马上登陆")%></a><%=we0%>
	<%
' Gate 2: qingtian.qx("nofile", listid) returning True shows the "banned from posting in this forum" message.
elseif qingtian.qx("nofile", listid)=true then
		%>

		<%=we%><%=qingtian.utf8("出错啦!你已被禁止在本论坛发表帖子,有任何问题请联系管理员!")%><%=we0%>
		<%
else
' Gate 3: minimum-points check for uploads.
' NOTE(review): nothing visible here stops execution after qingtian.err; presumably err() ends
' the response -- confirm, otherwise the upload below still runs for users who fail this check.
if qingtian.zfff("zft")=false then
qingtian.err("你的积分不足,系统禁止你上传文件,上传文件最小需要积分"&qingtian.confff("zft")&"")
end if



			' Working variables for the post and the upload.
			dim ip,name,content,member
	dim sql,filesize,upfile,AllowFileExt,formPath,i,fileExt,uploadsuc,ranNum,filename,upfilesize,UploadPath,FilePath,errs
	dim FsoObj1,Upload,File,FormName,path,FilePath2
	errs=false
	' UploadPath: relative URL of the target folder, built up to "upload/<year>/<month>/<day>/".
	' FilePath:   virtual directory of the running script (later FilePath & UploadPath).
	' path:       physical folder matching UploadPath, below the directory of the running script.
	' The upload folder therefore lives inside the web-served tree.
	' NOTE(review): confirm that script execution is disabled for this folder in the web server configuration.
	UploadPath = "upload/"
	FilePath = Request.ServerVariables("SCRIPT_NAME")
	FilePath=left(FilePath,instrrev(FilePath,"/" ) )


	FilePath2 = server.mappath(Request.ServerVariables("SCRIPT_NAME"))
	FilePath2=left(FilePath2,instrrev(FilePath2,"\" ) - 1 )
	path=FilePath2  & "/" &  UploadPath & year(now()) & "\"
	UploadPath=UploadPath & year(now()) & "/"


			' Create the <year> folder if it does not exist yet.
    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing


	path=path & month(now()) & "\"
	UploadPath=UploadPath & month(now()) & "/"


			' Create the <month> folder if it does not exist yet.
    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing


	path=path & day(now()) & "\"
	UploadPath=UploadPath & day(now()) & "/"



			' Create the <day> folder if it does not exist yet.
    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing

	' FilePath now holds the virtual path of today's upload folder; it is what SaveToFile maps later.
	FilePath=FilePath & UploadPath

	' Load the forum upload settings from qingtian_bbs_config (first row of the recordset):
	'   upfile   -> upload enabled flag (tested with "=true" further down)
	'   filesize -> size cap; multiplied by 1024 for the byte limit and shown to users as KB
	'   format   -> allowed extension list
	'   filetype -> read here but not used in the code visible in this file
	' When no row exists the variables stay unassigned and the "upload disabled" branch is taken.
	dim filetype


	Set Rs = Server.CreateObject("Adodb.Recordset")

	Sql = "SELECT [upfile],[filesize],[format],[filetype] FROM [qingtian_bbs_config]"

	Rs.Open Sql,conn,1,1
	if not (rs.bof and rs.eof) then
		filetype=rs("filetype")
		upfile=rs("upfile")
		upfilesize=rs("filesize")
		AllowFileExt=rs("format")
	else
	end if
	Rs.close
	set rs=nothing


' Uploads are processed only when the configuration flag is True.
if upfile=true then

	' upfile_class is not defined in this file (presumably provided by an include -- confirm).
	set upload=new upfile_class '' create the upload object
	upload.GetData(upfilesize*1024)   ' read the uploaded data; the cap passed is upfilesize*1024 (the original note said "max 100M")

	' upload.err: 1 = no file chosen, 2 = total size above the cap (per the messages printed below).
	' Only errs is set here; the script keeps going and still reads the form fields afterwards.
	if upload.err > 0 then  ' an error occurred
		select case upload.err
			case 1
				%><%=we%>请先选择你要上传的文件！<%=we0%><%
				%><%=sou%><a href="upad.asp?listid=<%=listid%>&amp;pageidid=<%=pageid%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
			case 2
				%><%=we%>你上传的文件总大小超出了最大限制（<%=upfilesize%>KB）<%=we0%><%
				%><%=sou%><a href="upad.asp?listid=<%=listid%>&amp;pageidid=<%=pageid%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
		end select

	end if

		' Flood control: the per-session counter is reset once 600 seconds have passed since addtime.
		' NOTE(review): the counter lives in the ASP session only, so it is tied to the session
		' rather than to the account or the client address.
		if DATEDIFF("s", session("addtime"), now()) >600 then
		session("addtime")=now
		session("addcount")=0
		end if

			ip=Request.ServerVariables("REMOTE_ADDR")

			' Form fields come from the multipart body via the upload object and are only trimmed here;
			' member is forced to a Long (0 when not numeric).
			name=trim(upload.form("name"))
			content=trim(upload.form("content"))
			member=upload.form("member")
			if not isnumeric(member) then member=0
			if member="" then member=0
			member=clng(member)


	' Reject when: a new topic has a title shorter than 4 characters, the content is empty,
	' the content equals the last value stored in session("addBoard"), or addcount is above 5.
	' NOTE(review): the "posting too fast" message below fires at addcount > 4 while this
	' condition uses > 5, so at exactly 5 the message is never reached through that term.
	' NOTE(review): session("addBoard") is written for new topics only (replies write
	' session("repBoard")), so a repeated reply is not caught by this comparison.
	IF (len(name)<4 and reid=0) or content=""   or session("addBoard")=content or session("addcount")>5  then
                errs=true
		if name="" and reid=0 then%>
		<%=we%>标题不能为空。<%=we0%>
		<%end if
		if len(name)<4 and reid=0 then%>
		<%=we%>标题不能低于4个字。<%=we0%>
		<%end if
		if content="" then%>
		<%=we%>内容不能为空。<%=we0%>
		<%end if
		if len(content)>0 and session("addBoard")=content then%>
		<%=we%>请不要重复提交。<%=we0%>
		<%end if
		if session("addcount")>4 then
		%><%=we%>你好,你的发帖过快..请休息一下在发帖,休息时间倒记时:<%=600-DATEDIFF("s", session("addtime"), now())%>秒.<%=we0%><%
		end if
		%><%=sou%><a href="upad.asp?reid=<%=reid%>&amp;listid=<%=listid%>&amp;pageidid=<%=pageid%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%

	end if
	' Normalise the configured extension list: upper-case it, remove the substring "ASP",
	' and turn "|" separators into ",".
	' NOTE(review): the innermost Replace already removes "ASP", so the "ASPX" Replace can never
	' match; a configured "ASPX" entry is left behind as "X".
	' NOTE(review): the list is upper-cased here while the per-file extension is lower-cased
	' before it is compared against these entries.
	AllowFileExt = Replace(Replace(Replace(UCase(AllowFileExt), "ASP", ""), "ASPX", ""), "|", ",")

' NOTE(review): "flase" is a misspelling of False. As an unassigned variable it is Empty, which
' compares equal to False, so the test works by accident and would fail under Option Explicit.
if  errs=flase then

	
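' Validate and store every uploaded file.
' Only the extension is taken from the client-supplied file name; the stored name is
' generated on the server. A file is accepted only when its extension is on the
' configured allow-list AND does not contain any of the blocked substrings.
for each formName in upload.file
	' Default-deny. The flag used to start out True, so the allow-list loop below could
	' never reject anything and only the substring block-list was actually enforced.
	EnableUpload=false
	set ofile=upload.file(formName)  ' file object for this form field
	upfilename=ofile.FileName
	oFileSize=ofile.filesize
	sizes=cstr(round(oFileSize*1024))
	fileExt=trim(lcase(ofile.FileExt))

	' Allow-list check. AllowFileExt is upper-cased where it is normalised and fileExt is
	' lower-cased, so both sides are folded to lower case before comparing. A leading dot
	' on a configured entry is tolerated. Files without an extension are not on the list
	' and are rejected.
	if fileExt<>"" then
		arrUpFileType=split(AllowFileExt,",")
		for i=0 to ubound(arrUpFileType)
			allowedExt=lcase(trim(arrUpFileType(i)))
			if left(allowedExt,1)="." then allowedExt=mid(allowedExt,2)
			if allowedExt<>"" and fileExt=allowedExt then
				EnableUpload=true
				exit for
			end if
		next
	end if

	' Block-list kept as a second layer: these substrings are refused even when an
	' administrator has put the extension on the allow-list.
	' NOTE(review): a block-list cannot enumerate every handler mapped on the server; keep
	' script execution disabled for the upload folder as well.
	if InStr(fileEXT,"asp") > 0 or InStr(fileEXT,"asa") > 0 or InStr(fileEXT,"aspx") > 0 or InStr(fileEXT,"exe") > 0 or InStr(fileEXT,"bat") > 0 or InStr(fileEXT,"dll") > 0 or InStr(fileEXT,"cer") > 0  or InStr(fileEXT,"cdx") > 0  or InStr(fileEXT,"cgi") > 0  or InStr(fileEXT,"com") > 0 or InStr(fileEXT,"htr") > 0 or InStr(fileEXT,"stm") > 0 or InStr(fileEXT,"php") > 0 or InStr(fileEXT,"jsp") > 0 or InStr(fileEXT,"java") > 0 then
		EnableUpload=false
	end if
	if EnableUpload=false then
		%><%=we%>请选择文件上传！这种文件类型不允许上传:asp|asa|aspx|exe|bat|cer...如果需要上传联系管理员开通(网站基本信息设置)或请先rar（压缩后）再上传<%=we0%><%
		errs=true
	end if
	' Per-file size cap (the same limit that was passed to GetData).
	if oFileSize>(upfilesize*1024) then
		%><%=we%>文件大小超过了限制，最大只能上传<%=upfilesize%>K的文件！<%=we0%><%
		errs=true
	end if
	' An empty file field counts as "no file chosen".
	if oFileSize=0 then
		%><%=we%>请先选择你要上传的文件！<%=we0%><%
		errs=true
	end if

	' errs is sticky: once any check has failed, no further file of this request is saved.
	if errs<>true then
		' ranNum was declared but never assigned, so two uploads landing in the same second
		' produced the same name and the later one overwrote the earlier one. The random
		' suffix is for collision avoidance only; it is not a secret.
		' NOTE(review): strMonth and strDay are not assigned anywhere in the visible code and
		' contribute nothing to the name; the date is carried by the year/month/day folders.
		Randomize
		ranNum=Int(90000*Rnd)+10000
		filename=year(now)&strMonth&strDay&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
		ofile.SaveToFile Server.mappath(FilePath&filename)   ' save the file
	end if

	' Release the per-file object (the original released the unused variable "file").
	set ofile=nothing
next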
    
	' Post-upload step. FileName is the name generated in the loop above (VBScript names are
	' case-insensitive), i.e. the last file that was saved; it is empty when nothing was saved.
	set upload=nothing

	if FileName<>"" then
		dim upsave

		' Content check: the saved file is read back as text and handed to FindFiles, which is
		' not defined in this file. A non-empty result is treated as a rejection further down.
		' NOTE(review): the scan runs only when sizes < 500, so larger files are never passed
		' to FindFiles here; sizes is also a string produced by CStr -- confirm that this
		' comparison behaves numerically.
		if  sizes<500 then
					Dim tempfileOBJ1,txt

					path= path & FileName


    					Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
   			 		Set tempfileOBJ1 = FsoObj1.OpenTextFile(path, 1, 0, 0 )
    					While NOT tempfileOBJ1.AtEndOfStream
						txt=txt & tempfileOBJ1.ReadLine
    					Wend
					' NOTE(review): the text stream is never closed explicitly, only set to Nothing.
					Set FsoObj1=Nothing
					Set tempfileOBJ1=Nothing	
					
					upsave=FindFiles(txt)

		end if

		' upsave empty = the content check raised nothing (or was skipped): record the post.
		if upsave=""  then
		' reid > 0: this upload is a reply to an existing topic.
		if reid>0 then
			Set Rs = Server.CreateObject("Adodb.Recordset")

                ' Reward amounts for a reply, read through qingtian.inlof.
                huaa=qingtian.inlof("huaa")
                hua=qingtian.inlof("hua")
		' The user row is looked up by md5(sid) & md5(reversed sid); sid is hashed before it is
		' concatenated (presumably hex digests, so no quote reaches the SQL literal -- confirm md5()).
		' NOTE(review): zf and money are increased here, before the duplicate check that follows,
		' so a reply later rejected as a duplicate has already earned the reward.
		Sql = "select [id],[zf],[money] FROM qingtian_user where [sid]='"&md5(sid) & md5(strReverse(sid))&"'"
		Rs.Open Sql,conn,1,3
		if not (rs.eof and rs.bof) then
			nid=rs("id")
			rs("zf")=rs("zf")+huaa
			rs("money")=rs("money")+hua
			rs.update
		else
			' No matching user row: the post is stored with author id 0.
			nid=0
		end if
		Rs.close

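			' Duplicate-reply guard: zz becomes 1 when a reply with identical content exists and
			' the most recent one is not more than one hour old.
			' content comes straight from the multipart form, so its single quotes are doubled
			' before it is placed inside the SQL string literal; previously the raw value was
			' concatenated, letting a quote in the post body end the literal.
			' NOTE(review): a parameterised ADODB.Command would be the more robust fix. If a layer
			' outside this file already doubles quotes, this check would simply stop matching.
			Sql = "select top 1  [time] FROM qingtian_bbs_reforum where   [content]='"&Replace(content,"'","''")&"' order by [id] desc"
			Rs.Open Sql,conn,1,1
			if not (rs.eof and rs.bof) then
				if DATEDIFF("s", rs("time"), now()) > 60*60 then
					zz=0
				else
					zz=1
				end if
			else
				zz=0
			end if
			Rs.close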

			' zz = 0: not a recent duplicate, so store the reply and its attachment record.
			if zz=0 then

				' Values are written through recordset fields here, so name/content/ip are not
				' concatenated into SQL text in this part.
				Sql = "select [nid],[topicid],[content],[ip],[upfile] FROM qingtian_bbs_reforum"
				Rs.Open Sql,conn,1,3
				rs.addnew
				rs("nid")=nid
				rs("topicid")=reid
				rs("content")=content
				rs("ip")=ip
				rs("upfile")=true
				rs.update
				Rs.close

				' Bump the reply counter and last-reply time of the parent topic.
				' reid is concatenated as-is; it has passed IsNumeric but was not converted to a number.
				Sql = "select [reply],[reptime] FROM qingtian_bbs_forum  where [id]="&reid&""
				Rs.Open Sql,conn,1,3
				if not (rs.eof and rs.bof) then
				rs("reply")=rs("reply")+1
				rs("reptime")=now()
				rs.update
				end if
				Rs.close

				' The id of the reply just inserted is taken as "latest reply by this author".
				' NOTE(review): presumably a concurrent reply by the same author could be picked instead -- confirm.
				Sql = "select top 1 [id] from [qingtian_bbs_reforum] where nid="&nid&" order by [id] desc"
				Rs.Open Sql,conn,1,1
				if not (rs.eof and rs.bof) then
				id=rs("id")
				end if
				Rs.close

				' Attachment record. name holds the client-supplied original file name, so it must be
				' HTML-encoded wherever it is displayed; url is the server-generated relative path.
				' The author id is taken from qingtian.nid here rather than from the local nid.
				Sql = "SELECT [id],[name],[topicid],[reid],[url],[size],[nid] FROM [qingtian_bbs_reforum_file]"
				Rs.Open Sql,conn,1,3
				rs.addnew
                                rs("name")=upfilename
				rs("topicid")=reid
				rs("reid")=id
				rs("url")=UploadPath & FileName
				rs("size")=sizes
				rs("nid")=qingtian.nid
				rs.update
				upid=rs("id")
				Rs.close
				set rs=nothing

				' Remember the last reply text and update the flood counter: the counter restarts at 1
				' when more than 20 seconds have passed since the previous post, otherwise it is incremented.
				session("repBoard")=content
				if session("addtime")<>"" then
				if DATEDIFF("s", session("addtime"), now()) >20 then
				session("addtime")=now
				session("addcount")=1
				else
				session("addtime")=now
				session("addcount")=session("addcount")+1
				end if
				else
				session("addtime")=now
				session("addcount")=1
				end if

				if session("addcount")>2 then
					%><%=we%>你好,请注意一下了..你已经一口气回复了<%=session("addcount")%>帖了.<%=we0%><%
				end if

				%><%=we%>发表回复成功.<%=we0%>你的积分增加<%=zi%><%=huaa%><%=zi0%>，你的<%=qingtian.bi%>增加<%=zi%><%=hua%><%=zi0%>，今日系统剩余<%=qingtian.bi%>:<%=zi%><%=qingtian.inlof("mot")%><%=zi0%>。<%=we0%>
				<%=sou%><a href="viewv.asp?id=<%=reid%>&amp;listid=<%=listid%>&amp;pageid=<%=pageid%>&amp;sid=<%=sidd%>">返回帖子</a><%=we0%>
				<%

			else
				%><%=we%>请不要发重复的帖!<%=we0%><%
			end if
			' NOTE(review): the "upload succeeded" line below is printed on both paths, including
			' when the reply was rejected as a duplicate; the file itself has already been saved by then.





		%>
		<%=qingtian.utf8("上传成功!")%><br/>
		<%
		' reid = 0: this upload starts a new topic.
		else


			Set Rs = Server.CreateObject("Adodb.Recordset")


		' Reward amounts for a new topic, read through qingtian.inlof.
		faee=qingtian.inlof("faee")
                fae=qingtian.inlof("fae")
		' Same user lookup as in the reply branch: sid is hashed before it is concatenated.
		' NOTE(review): zf and money are increased before the duplicate check that follows,
		' so a topic later rejected as a duplicate has already earned the reward.
		Sql = "select [id],[zf],[money] FROM qingtian_user where [sid]='"&md5(sid) & md5(strReverse(sid))&"'"
		Rs.Open Sql,conn,1,3
		if not (rs.eof and rs.bof) then
			nid=rs("id")
			rs("zf")=rs("zf")+faee
			rs("money")=rs("money")+fae
			rs.update
		else
			' No matching user row: the topic is stored with author id 0.
			nid=0
		end if
		Rs.close



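			' Duplicate-topic guard: zz becomes 1 when a topic with the same title and content
			' exists and the most recent one is not more than one hour old.
			' name and content come straight from the multipart form, so their single quotes are
			' doubled before they are placed inside the SQL string literals; previously the raw
			' values were concatenated, letting a quote in the title or body end the literal.
			' NOTE(review): a parameterised ADODB.Command would be the more robust fix. If a layer
			' outside this file already doubles quotes, this check would simply stop matching.
			Sql = "select top 1  [posttime] FROM qingtian_bbs_forum where [content]='"&Replace(content,"'","''")&"' and [name]='"&Replace(name,"'","''")&"' order by [id] desc"
			Rs.Open Sql,conn,1,1
			if not (rs.eof and rs.bof) then

				if DATEDIFF("s", rs("posttime"), now()) > 60*60 then
					zz=0
				else
					zz=1
				end if
			else
				zz=0
			end if
			Rs.close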


			' zz = 0: not a recent duplicate, so store the topic and its attachment record.
			if zz=0 then

				' Values are written through recordset fields here, so name/content/ip are not
				' concatenated into SQL text in this part.
				Sql = "select [listid],[name],[content],[nid],[member],[ip],[upfile] FROM qingtian_bbs_forum"
				Rs.Open Sql,conn,1,3
				rs.addnew
				rs("nid")=nid
				rs("listid")=listid
				rs("name")=name
				rs("content")=content
				rs("member")=member
				rs("ip")=ip
				rs("upfile")=true
				rs.update
				Rs.close

				' Bump the topic counter of the board.
				' listid is concatenated as-is; it has passed IsNumeric but was not converted to a number.
				Sql = "select [tid] FROM qingtian_bbs  where [id]="&listid&""
				Rs.Open Sql,conn,1,3
				if not (rs.eof and rs.bof) then
					rs("tid")=rs("tid")+1
					rs.update
				end if
				Rs.close

				' The id of the topic just inserted is taken as "latest topic by this author".
				' NOTE(review): presumably a concurrent topic by the same author could be picked instead -- confirm.
				Sql = "select top 1 [id] from [qingtian_bbs_forum] where nid="&nid&" order by [id] desc"
				Rs.Open Sql,conn,1,1
				if not (rs.eof and rs.bof) then
					id=rs("id")
				end if
				Rs.close


				' Attachment record. name holds the client-supplied original file name, so it must be
				' HTML-encoded wherever it is displayed; url is the server-generated relative path.
				' The author id is taken from qingtian.nid here rather than from the local nid.
				Sql = "SELECT [id],[name],[topicid],[url],[size],[nid] FROM   [qingtian_bbs_forum_file]"
				Rs.Open Sql,conn,1,3
				rs.addnew
				rs("name")=upfilename
				rs("topicid")=id
				rs("url")=UploadPath & FileName
				rs("size")=sizes
				rs("nid")=qingtian.nid
				rs.update
				upid=rs("id")
				Rs.close
				set rs=nothing


				' Remember the last topic text (used by the resubmission check) and update the flood
				' counter: it restarts at 1 when more than 20 seconds have passed since the previous
				' post, otherwise it is incremented.
				session("addBoard")=content
				if session("addtime")<>"" then
					if DATEDIFF("s", session("addtime"), now()) >20 then
						session("addtime")=now
						session("addcount")=1
					else
						session("addtime")=now
						session("addcount")=session("addcount")+1
					end if
				else
					session("addtime")=now
					session("addcount")=1
				end if

				if session("addcount")>2 then
				%><%=we%>你好,请注意一下了..你已经一口气发了<%=session("addcount")%>帖了.<%=we0%><%
				end if
				%><%=we%>发表新帖成功.<%=we0%>你的积分增加<%=zi%><%=faee%><%=zi0%>，你的<%=qingtian.bi%>增加<%=zi%><%=fae%><%=zi0%>，今日系统剩余<%=qingtian.bi%>:<%=zi%><%=qingtian.inlof("mot")%><%=zi0%>。<%=we0%>
				<%=sou%><a href="viewv.asp?id=<%=id%>&amp;listid=<%=listid%>&amp;pageid=<%=pageid%>&amp;sid=<%=sidd%>">进入帖子</a><%=we0%>
				<%

			else
				%><%=we%>请不要发重复的帖!<%=we0%><%
			end if



		end if
		' upsave is not empty: the content check flagged the file.
		else
			' Keep a copy of the flagged file, then delete it from the upload folder.
			' NOTE(review): Replace rewrites every occurrence of "upload" in the physical path,
			' not only the upload folder name, so a parent directory containing that word is
			' rewritten too. The copy is kept on disk -- confirm that the "bakupload" location
			' is not reachable over the web and does not execute scripts.
    			Set FsoObj=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj.FileExists(path) then
   			FsoObj.CopyFile path,Replace(path,"upload","bakupload")
			end if
			Set FsoObj=Nothing

    			Set FsoObj=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj.FileExists(path) then
   			FsoObj.deletefile(path)
			end if
			Set FsoObj=Nothing


			' The FindFiles result is written to the page as-is.
			' NOTE(review): if it can echo parts of the uploaded content, it should be HTML-encoded -- confirm.
			%><%=upsave%><%
		end if
	else
		' No file was saved (validation failed or no file field was present).
		%><%=we%><%=qingtian.utf8("上传文件出错!")%><%=we0%><%
	end  if
end if	

	else%>
	<%=we%><%=qingtian.utf8("系统禁止上传文件!")%><%=we0%>
	<%end if%>
<%end if%>
			<%=sou%><a href="board.asp?listid=<%=listid%>&amp;pageid=<%=pageid%>&amp;sid=<%=sidd%>"><%=qingtian.utf8("返回帖子列表")%></a><%=we0%>
			
<%
' NOTE(review): no matching Function statement is visible in this file; presumably it is opened
' by an include -- confirm, otherwise this line is a syntax error.
end Function 
%>
